DATA PROTECTION & PRIVACY

A. Controller [Person Responsible] in the Meaning of Article 4 (7) GDPR [General Data Protection Regulation]

WINKELMANN CONSULT GMBH & CO. KG
Head Office [Hauptsitz] Hamburg
Gänsemarkt 45
20354 Hamburg
Telephone: +49 (0)40 – 411617 – 0
Fax: +49 (0)40 – 411617 – 20
Email: info@winkelmannconsult.de
Web: www.winkelmannconsult.com

We are delighted about your visit to our website of WINKELMANN CONSULT GMBH & CO. KG [Private Limited Company & Limited Commercial Partnerships with a Private Limited Company as the General Partner under German law] and thank you for your interest in our company and services. The protection of your privacy is of particular importance to us. In the following we would like to inform you about the collection, processing and use of your data. This will always be carried out in accordance with the data protection regulations.

B. General Information
Basically, you can visit the website of WINKELMANN CONSULT GMBH & CO. KG without disclosing your identity.
Insofar as you voluntarily provide us with your personal data (name, address, email-address, telephone number, etc.) in the context of an inquiry, we shall use such information for sending you the requested offer or for submitting information. These data will not be stored on the web server, not be sold or externally published. The legal basis for this data collection and processing is ‘entering into a contract’ following Article 6(1) sentence 1 lit. b GDPR respectively your consent following Article 6(1) sentence 1 lit. a GDPR. Your personal data shall only be stored as long as it should be necessary for responding to all your requests or until revocation of your given consent. If a contract was concluded in the following, your personal data will be stored until the expiry of the respective legal retention periods.
In addition, we shall automatically get knowledge of the following log data:
1. Visited website;
2. Time at the moment of the access; 
3. Amount of data transmitted in bytes;
4. Source/link you used for visiting the page; 
5. Browser used;
6. Operating system used;
7. IP address used.
An identification of an individual end-user via the IP address is only possible by recourse of the provider data of the Internet access provider. In justified specific cases, this recourse is usually granted to investigating authorities by legal decision, only. However, the identification of the responsible Internet access provider is possible through the IP address. This is necessary for being able to report cases of misuse to the access provider and for requesting the provider to solve the problem. The remaining data will be summarized in statistics in a way not allowing personal data to be recovered no longer.
These so-called server log files will be stored on a rolling basis for 28 days and the oldest file will be automatically deleted during log rotation. For purposes of general access statistics, the files will be immediately analysed at the following day of collection. Apart from that, they shall exclusively be used for analysing detected malfunctions or suspicion of misuse.
Insofar as the following sections do not contain opposite information, the data processing is exclusively performed by WINKELMANN CONSULT GMBH & CO. KG.
Following Article 6(1) sentence 1 lit. f GDPR, this data collection and processing serves the purpose of safeguarding our predominant legitimate interests regarding a correct presentation of our offer within the context of balancing of interests.

C. Cookies
For the correct display our website, we use cookies. Cookies are small text files containing configuration information that will be stored on your terminal. Most of the cookies used by us are so-called “session-cookies”. They will be automatically deleted after your visit. Other cookies will be stored on your terminal until you will delete them. These cookies enable us to recognize your browser during your next visit.
You can configure your browser settings in a way that you will be informed about the placing of cookies and to accept cookies on a case-by-case basis, only, to exclude the acceptance of cookies in specific cases or in general and to activate the automatic deletion of cookies upon closing of the browser. Please note that if you deactivate cookies you may not be able to use all functions of this website.

Cookies do not cause any harm to your computer and do not contain viruses. They serve to make our offering more user-friendly, effective and secure. Moreover, the use of cookies serves the purpose of safeguarding our predominant legitimate interests regarding a correct presentation of our offer within the context of balancing of interests following Article 6(1) sentence 1 lit. f GDPR.

D. Google Web Fonts
This website uses external fonts of Google Fonts. Google Fonts is a service of Google Inc. (“Google”). The inclusion of the web fonts takes places based on a call of a Google server in the USA. The USA is certified according to the Privacy Shield. This way, the server will be informed about your visit to our website. Moreover, the IP address of the browser of the terminal of the visitor to this website will be stored by Google.

For more information please see the Google’s Privacy Policy to be found under the following links:
www.google.com/fonts#AboutPlace:about
www.google.com/policies/privacy/

The use of Google web fonts serves the purpose of safeguarding our predominant legitimate interests regarding an optically attractive and uniform design of our websites within the context of balancing of interests following Article 6(1) sentence 1 lit. f GDPR.

E. Your Rights
You can exercise the following rights against us free of charge and at any time:
Right of access by the data subject: Following Article 15 GDPR, you have the right to obtain information about the processing of your personal data by our company.

Right to rectification: Following Article 16 GDPR, you have the right to rectification of inaccurate or incomplete personal data concerning him or her.

Right to erasure: In case of the stated requirements mentioned in Article 17 GDPR, you have the right to erasure of personal data concerning him or her. Thus, you can for example request the erasure of your personal data, if they are no longer necessary in relation to the purposes for which they were collected. Moreover, you can request the deletion in cases you should withdraw your consent concerning our processing of your data based on your earlier given consent.
Right to restriction of processing: If the preconditions of Article 18 GDPR are met, you have the right to demand restriction of processing concerning your personal data. Such is the case for example, if you contest the accuracy of your personal data. You may then demand restriction of processing for a period enabling the controller to verify the accuracy of the personal data.

Right to object: Following Article 21 GDPR, you have the right to object to processing your personal data in case the processing is based on our predominant legitimate interest. An objection shall be permissible, if the processing is either carried out in the public interest or in exercise of official authority or is based on legitimate interest of WINKELMANN CONSULT GMBH & CO. KG or of a third party. In case of an objection, we would ask you to inform as about the grounds for your objection to data processing.

Right to data portability: Following Article 20 GDPR, insofar as the processing of personal data is due to your consent or a contract fulfilling and where the processing is based on automated processing of data, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit those data to another controller [data processor].

Right to withdrawal of consent: Following Article 7(3) sentence 1 GDPR, insofar as the data processing is based on your prior consent, you have the right to withdraw your consent regarding personal data processing with effect for the future at any time.
Right to lodge a complaint: Following Article 77 GDPR, you also have the right to lodge a complaint with a data protection supervisory authority concerning our processing of your personal data.

F. Data Protection Officer
Our Data Protection Officer will serve you as contact person for privacy-related issues at any time:
Thilo Noack
SharedIT Professional GmbH & Co. KG
Saebystr. 17a 
24576 Bad Bramstedt
Email: thilo.noack@sharedit-pro.de

G. Recipients / Transmission of Data
Insofar as not already mentioned above, personal data you supplied us with will never be forwarded to any third party. Especially, your data will not be transmitted to third parties for their advertising purposes.
We will perhaps use service providers for the operation of this website or, for instance, email services. In such a case, it may happen for a service provider to get access to personal data. We shall carefully choose our service providers – especially regarding data protection and data security – and take all necessary measures for a permitted data processing according to data protection regulations.

H. Privacy Notice for Applicants
We are delighted that you are interested in our company and plan to apply/have already applied for a position in our company. In the following, we would like to inform you about the processing of your personal data in connection with the application.
a. Which of your personal data will be processed by us? For what purposes the data will be processed by us?
We will process the data you transferred to our company in connection with your application for checking your qualification for the respective position (or perhaps for other open vacancies in our company) and for carrying out the application procedure.
b. What legal grounds will be the basis for this procedure?
The legal basis for the processing of your personal data within the framework of this application procedure is predominantly § 26 BDSG [Bundesdatenschutzgesetz – German Federal Data Protection Act] in the version valid from 25th May 2018. Accordingly, the processing of the data is permitted that are necessary for the decision about establishing an employment relationship.
In the case the data should be needed after the termination of the application procedure, perhaps for the assertion of any rights, the data processing may take place based on the requirements of Article 6 GDPR, especially for safeguarding legitimate interests according to Article 6(1) sentence 1 lit. f GDPR. Our predominant legitimate interest would then be the assertion of or defence against claims.
c. For how long shall the data be stored?

In case of a cancellation, data of applicants will be deleted after a 6-months-period.
Provided you gave your consent regarding a further storage of your personal data, we will transfer your data to our pool of applicants. There, the data will be deleted upon expiry of a two years period.
If you obtained a position within the framework of the application procedure, the data will be transferred from the applicant’s data system to our human resources information system.
d. To which recipients the data will be transmitted?
Once your application has been received, your applicant data will be reviewed by the personnel department. Afterwards, suitable applications will be forwarded internally to the department heads concerning the respective open position. Then, the further procedure will be coordinated.
Basically, only the persons will have access to your personal data in our company who would need them for properly processing our application procedure.
e. Where the data are being processed?
The data are being processed exclusively in computer centres located in the Federal Republic of Germany.
f. Your rights as „affected person“
You have the right of access concerning your personal data processed by us.
In case of an information inquiry not carried out in writing we ask you for your understanding that we may require evidence warranting that you are the person who you claim to be.
In addition and to the extent you are entitled by law, you have the right to correction, deletion or restriction of processing personal data.
Moreover, you have the right to object to processing personal data as stipulated by legal provisions and a right of withdrawal. The same shall apply to the right to data portability.
Furthermore, you have the right to lodge a complaint with a data protection supervisory authority concerning our processing of your personal data.

Comments are closed